Revoking authority from a command, A-10 – Nlynx ETU400 User Manual

Page 200

background image

ETU400 User Guide 011603


Working with ETU Security

For the Security Officer: The ETU menuing system takes advantage of the

security provided with the AS/400. This allows you to decide which users

on your system will have access to which ETU commands. When ETU is first

installed on your host system, the only profiles that are authorized to

the ETU power commands are QSECOFR, and any other user profile with all

object (*ALLOBJ) authority.

The menu options for the power commands do not display on the ETU menus

of other users. To allow a user to have access to a power command, follow

the instructions below in Granting Authority to a Command.

All ETU commands, with the exception of the power commands, are shipped

with *PUBLIC object authority and are available to all users. If you do

not want a user to have access to an ETU command, use the GRTOBJAUT

command (grant object authority) with *EXCLUDE as the value for the

Authority parameter.

NOTE: If a user profile contains special authority (SPCAUT) value
*ALLOBJ, all users with that profile automatically have access to the ETU

power commands on the ETU Main menu. To revoke the power commands from

this user profile, you must change the user profile, removing *ALLOBJ

from SPCAUT value.

Systems with security level of 10 or 20 will automatically have *ALLOBJ

Granting Authority to a Command

This section describes how to grant and revoke authority to the ETU

commands. When you grant authority to a power command, or any command for

that matter, you can grant authority for a single user of a group of

users. Once authority to a command has been granted for a user, the

command will display on the user's ETU menu.

To grant authority to a power command:

1. Sign on to the AS/400 as QSECOFR.

2. Enter the GRTOBJAUT command (grant object authority) on the command

line and prompt (press F4):


3. Enter the name of the command to which you wish to grant authority.

4. Explicitly grant authority to each user who will be authorized to use

the command.

It is not necessary to grant authority to commands other than the

power commands. These commands can be used by all users because of

their *PUBLIC object authority.